Talking Points


Virtualization: Floor Wax & Dessert Topping 

Woot! Virtualization Rocks! 

Mama says “Virtualization is da Devil!” 

Today’s Risk Model is Kaput! 

Threats, Vulnerabilities & Hype 

Pragmatism & Perspective: Taking Action Today

The Quest for the Holy Grail 
I’m OK. You’re OK. 
Virtualization: Floor Wax & Dessert Topping

Virtualization is often technically defined as: 

...an abstraction layer that decouples the physical hardware from the operating system to deliver greater resource utilization and flexibility.


But it’s really about two things: 

- Time 

- Money 
Virtualization Is About More Than Just Servers

- Servers

- Clients

- Networks

- Storage

- Operating Systems

- Applications

- Security

- Access

- Information

- Operations

- Resources

- Partitioning

- Isolation

- Encapsulation

- Platforms

Mastering Virtualization from the Datacenter to the Desktop



wOOt! Virtualization Rocks!

■ Physical Consolidation

■ Easy Backup

■ Cost Reduction

■ Fault Tolerance

■ Ease and flexibility of Provisioning

■ Eases Application Lifecycle Management

■ On-demand Resource Pooling

■ Provides Development Efficiencies

■ Disaster Recovery

■ Allows for ubiquitous Computing

■ Capacity on-Demand

■ Application Availability

■ Application Portability

■ Management of Service Levels

■ Secure computing environments...
Mama Says “Virtualization Is Da Devil!”


Virtualization changes 
the way resources & 
networks are: 

- Designed 

- Provisioned 

- Deployed 

- Administered 

- Patched 

- Recovered 

- Assessed 

- Monitored 

- Audited 



...and how 
information across 
its lifecycle is: 

- Created 

- Stored 

- Controlled 

- Accessed 

- Destroyed 

- Archived, and Secured
Highly Scientific Poll #1

What Fraction of Your Servers Are Virtualized?

a. 0%

b. 1%-25%

c. 26%-50%

d. 51% to 75%

e. 76% to 99%

f. 100%

Source: Information Week 2007 Analytics Brief: Securing the New Data Center
Survey Says!

[Chart: “What fraction of your servers are virtualized?” The response percentages are not legible in this extraction.]
Highly Scientific Poll #2

Does your organization have a formal security/information protection strategy for virtualization server environments?

a. No IT Security/protection in place for virtual servers

b. A VM-tailored strategy and solution is in place

c. VM servers comply with company standards defined by conventional server infosec policy

d. We’re working on it!

Source: Information Week 2007 Analytics Brief: Securing the New Data Center
Survey Says!

Security Strategy

[Chart: “Does your organization have a formal security/information protection strategy for virtualization server environments?” Legible values: “We’re working on it!” 23%; one further bar reads 29%; the remaining values are not legible in this extraction.]
Whoops!


The Phantom Menace: Unmanaged VMs and 
VM “Appliances” 


By 2010, unmanaged VMs will be 
as significant an issue to 
enterprises as unmanaged devices 
are in 2007 (0.9 probability). 

Gartner, “Best Practices and Security Considerations for Securing Virtual Machines”, G00144828, March 2007
Highly Scientific Poll #3

How do virtual servers compare with conventional server environments for information protection and security?

a. VMs are as secure and safe as conventional servers

b. VMs are more prone to risk than conventional servers

c. VMs are less prone to risk than conventional servers

Source: Information Week 2007 Analytics Brief: Securing the New Data Center
Survey Says!

[Chart: “In your opinion, how do virtual servers compare with conventional server environments for information protection and security?” Bars for “VMs are as secure and safe as conventional servers”, “VMs are more prone to risk than conventional servers”, “VMs are less prone to risk than conventional servers” and “I don’t know”; the only legible value is 21%, and which bar it belongs to is not legible.]
We Have a Failure To Communicate!


Most Virtual Machines Deployed Will Be Less 
Secure than Their Physical Counterparts 


Through 2009, 60% of production 
Virtual Machines will be less 
secure than their physical 
counterparts (0.8 probability). 


Gartner, “Best Practices and Security Considerations for Securing Virtual Machines”, G00144828, March 2007
Today’s Risk Model is Kaput!


■ Virtualization takes every issue we 
have today in security and amplifies 
them 

■ Crunchy on the outside and even more 
gooey in the middle! One moat, lots of 
castles 

■ Increased operational risk; SoD, role 
change, loss of visibility 

■ Unprepared for new attack surfaces 
and threat vectors 

■ Immature management and security 
solutions 

■ Transitive technology mated to static 
controls & approaches to security 
How Do We Assess Risk in a Virtualized Environment?


Burton Group’s 5 Immutable (?) Laws of Virtualization 

Law 1 : Attacks against the OS and applications of a physical system have the 
exact same damage potential against a duplicate virtual system. 

Law 2: A VM has higher risk than its counterpart physical system that is running 
the exact same OS and applications and is configured identically. 

Law 3: VMs can be more secure than related physical systems providing the 
same functional service to an organization when they separate functionality and 
content that are combined on a physical system. 

Law 4: A set of VMs aggregated on the same physical system can only be made 
more secure than its physical, separate counterparts by modifying the 
configurations of the VMs to offset the increased risk introduced by the 
hypervisor. 

Law 5: A system containing a “trusted” VM on an “untrusted” host has a higher 
risk level than a system containing a “trusted” host with an “untrusted” VM. 
Virtualization Makes Simplicity Complex?

Virtualization Tornado

[Diagram: the “tornado” of changes that virtualization introduces, and what falls out of it]

• New Hypervisor Layer

• Instant Server Creation

• Dynamic VM Moves and Changes

• Complex Server Stacks

• Un-Tethered HW & OS

• VM Sprawl

• Static Security Break Down

• Patch Testing Gridlock

New Achilles heel? OR New security point?

The Result:

• Unmanaged VMs

• Unprotected VMs

• “Rogue” VMs

• Offline VMs

• VMotion’ed VMs Break Static Policies

• Version mis-match

• Complex regression

• Database security

Slide Courtesy of: BlueLane
Hypervisors = Disruptive Commodity?






Seems everybody’s got one... 

► VMware 

► Citrix 

► Microsoft 

► Oracle 

► Phoenix 

...and they’re showing up in all sorts of places

► Servers 

► Clients 

► Appliances 

► Mobile Platforms (?) 
The Battle for the Datacenter

- Upgrading from servers to blades

- Moving from hosts and switches to clusters and fabrics

- Evolving from hardware/software affinity to grid/utility computing

- Transitioning from infrastructure to service layers in “the cloud”

“A hundred years ago, companies stopped producing their own power with steam engines and generators and plugged into the newly built electric grid.” - Nicholas Carr, The Big Switch
Some Things To Worry About Today

Operational Risks

■ Immature Mgmt & Security Tools

■ Virtual networking misconfiguration

■ Transition & separation of duties

■ Vulnerability Mgmt Lifecycle (on/offline VM)

■ Inconsistent Security Policies/Procedures

■ Loss of IDP Visibility

Threats & Vectors

■ Guest-hopping (Intra-VM) attacks

■ Vulnerabilities in HV

■ Attack management stacks

■ Theft of an intact VM

■ Rogue VMs

■ VM Sprawl

■ VM Mobility

■ Shared
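As an added example (not code from the talk or from any vendor named on these slides), the following Python script audits a constructed VM inventory for three of the operational risks listed above: unmanaged VMs that no management plane knows about, VMs and golden images that sit powered off long enough to fall outside the patch lifecycle, and per-host sprawl. VM names, hosts, dates and thresholds are all hypothetical.

```python
from dataclasses import dataclass
from datetime import date


@dataclass
class VM:
    name: str
    host: str
    power_state: str        # "on" or "off"
    last_patched: date      # date of the last successful patch run
    registered: bool        # known to the management plane / CMDB
    template: bool = False  # golden image or shipped "appliance" image


# Thresholds are constructed for this example, not a vendor recommendation.
PATCH_SLA_DAYS = 30     # a VM this many days past its last patch is overdue
SPRAWL_THRESHOLD = 3    # per-host VM count above which we ask for justification
AUDIT_DATE = date(2007, 10, 1)

# Constructed sample inventory (hypothetical names; no real systems).
INVENTORY = [
    VM("web-01", "esx-a", "on", date(2007, 9, 1), True),
    VM("web-02", "esx-a", "on", date(2007, 9, 1), True),
    VM("db-01", "esx-a", "on", date(2007, 8, 28), True),
    VM("dev-test-7", "esx-a", "off", date(2007, 3, 15), True),
    VM("appliance-x", "esx-b", "on", date(2007, 1, 1), False),
    VM("golden-win2k3", "esx-b", "off", date(2007, 2, 1), True, template=True),
]


def audit(inventory, today, sla_days=PATCH_SLA_DAYS, sprawl=SPRAWL_THRESHOLD):
    """Return (subject, category, detail) findings for the inventory."""
    findings = []
    per_host = {}
    for vm in inventory:
        per_host[vm.host] = per_host.get(vm.host, 0) + 1
        age = (today - vm.last_patched).days
        if not vm.registered:
            # The "phantom menace": a VM nobody manages is neither patched nor monitored.
            findings.append((vm.name, "unmanaged", "not registered in management plane/CMDB"))
        if vm.template and age > sla_days:
            # Every VM cloned from this image starts life already behind on patches.
            findings.append((vm.name, "template-stale", f"image last patched {age} days ago"))
        elif vm.power_state == "off" and age > sla_days:
            # Offline VMs miss patch cycles and come back vulnerable when powered on.
            findings.append((vm.name, "offline-stale", f"{age} days since last patch while powered off"))
        elif vm.power_state == "on" and age > sla_days:
            findings.append((vm.name, "patch-overdue", f"{age} days since last patch"))
    for host, count in per_host.items():
        if count > sprawl:
            findings.append((host, "sprawl", f"{count} VMs on one host exceeds threshold {sprawl}"))
    return findings


if __name__ == "__main__":
    for subject, category, detail in audit(INVENTORY, AUDIT_DATE):
        print(f"{category:<15} {subject:<15} {detail}")
```

In a real environment the inventory would be pulled from the virtualization management API and joined against the CMDB; the point of the check is that the offline and template cases are invisible to a scanner that only touches running hosts.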
Some Things To Worry About Later

Things you can’t do much about today but are important to think about:

■ Hypervisor subversion (Hyperjacking)

■ Virtualization-aware malware

■ Virtualization Chipset malware

■ Adding to the OS Monoculture

■ Thinner hypervisors yet exposing more dense functionality via API

■ Moore’s Law (multicore) Crisis*

*http://smoothspan.wordpress.com/2007/09/06/a-picture-of-the-multicore-crisis/
Securing Virtualized Environments

• Examine our options today

• See what’s expected in the near term

• Paint a picture of what we’d like to see in the long term

• Provide some pragmatic advice

• Offer some examples
The Network is the Computer...

[Diagram: Routing/Switching Infrastructure connected to a single physical host running four VMs on a virtual switch]

■ Let’s say that we have a single physical host which is connected to the physical switched network via Gb/s Ethernet

■ Further, we have 4 VMs in that single physical host, each representing components of an application stack

■ The bulk of communications are between the VMs, utilizing intra-VM communications across the virtual switch fabric, and do not touch the physical network

■ Thus, the network is the computer, or vice versa?

■ How does the “network” supposedly self-defend when it’s not even used?
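To make the visibility gap concrete, here is an added Python model (mine, not code from the talk) of the four-VM host described above. Each flow is classified by whether it crosses the host’s physical uplink, which is all a physical IDS/IPS on the wire can ever see, versus whether it has an endpoint on the virtual switch, which is what a sensor attached to that vSwitch sees. Hosts, VM names, ports, flows and sensor placements are constructed for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int


# Constructed placement: endpoint -> (host, vSwitch); "physical" means not a VM.
PLACEMENT = {
    "web-vm":     ("host-1", "vswitch-1"),
    "app-vm":     ("host-1", "vswitch-1"),
    "db-vm":      ("host-1", "vswitch-1"),
    "cache-vm":   ("host-1", "vswitch-1"),
    "client":     ("physical", None),
    "backup-srv": ("physical", None),
}

# Constructed sensors: a physical IDS watching host-1's uplink, and a virtual
# IDP appliance attached (promiscuous/mirror port) to vswitch-1.
SENSORS = {
    "physical-ids": ("uplink", "host-1"),
    "virtual-idp":  ("vswitch", "vswitch-1"),
}

# Constructed application-stack traffic; most of it is VM-to-VM.
FLOWS = [
    Flow("client", "web-vm", 443),
    Flow("web-vm", "app-vm", 8080),
    Flow("app-vm", "db-vm", 3306),
    Flow("app-vm", "cache-vm", 11211),
    Flow("web-vm", "db-vm", 3306),      # tier-skipping flow a defender would want to see
    Flow("db-vm", "backup-srv", 22),
]


def crosses_uplink(flow, host):
    """True if exactly one endpoint is on `host`, i.e. packets use its physical NIC."""
    src_host = PLACEMENT[flow.src][0]
    dst_host = PLACEMENT[flow.dst][0]
    return (src_host == host) != (dst_host == host)


def visible_to(flow, sensor):
    kind, where = SENSORS[sensor]
    if kind == "uplink":
        return crosses_uplink(flow, where)
    # A vSwitch-attached sensor sees every flow with an endpoint on that vSwitch.
    return where in (PLACEMENT[flow.src][1], PLACEMENT[flow.dst][1])


def coverage(flows, sensor):
    """Split flows into those the sensor sees and its blind spots."""
    seen = [f for f in flows if visible_to(f, sensor)]
    blind = [f for f in flows if not visible_to(f, sensor)]
    return seen, blind


if __name__ == "__main__":
    for sensor in SENSORS:
        seen, blind = coverage(FLOWS, sensor)
        print(f"{sensor}: sees {len(seen)}/{len(FLOWS)} flows")
        for f in blind:
            print(f"  blind: {f.src} -> {f.dst}:{f.dport}")
```

With this topology the physical sensor sees only the two flows that touch the wire and is blind to the four VM-to-VM flows, including the web-to-database one; the same classification also shows that a vSwitch-scoped sensor has to exist on every host a VM can be moved to.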
Secure the Networks Hosting the VM Today... Common Sense Stuff

Options:

- Segment your network based on criticality, function or access

- Deploy embedded security across the network infrastructure

- Deploy Security as a best-of-breed overlay Virtualized Service Layer

- Evolve along the virtualization security model continuum we’re about to discuss

- Integrate Host & Network Protection Schemes and tie in telemetry

- Monitor, monitor, monitor

- All of the above

[Figure 3: Data Center Security Segmentation (Nemertes): pie chart for “Do you segment your data center network for security?” with “yes” and “no” segments; the percentages are not legible in this extraction.]
Security Software in the VM

• Security Software installed on each VM

• Protects only that VM

• Limited visibility

• Unaware that the VM is virtualized

• Same management functionality as today

• Does not reduce costs

You Can Do This Now
Today: The Usual Suspects...

Most anything you run today in your conventional environments will work here...

- Firewalls

- HIDS

- HIPS

- Anti-virus

- NAC

- Endpoint Assurance

- Patch Management

- Configuration Audit & Control

[Vendor logos shown: McAfee, Check Point, Symantec, Trend Micro, Cisco, Configuresoft, BigFix]
Virtualized IDP as Virtual Appliance/VM

• Security software installed in a VM as a virtual appliance

• Paired with software installed in VMs per previous model

• Allows virtualization of security across Host

• Requires virtual networking configuration

• Better Intra-VM visibility

You Can Do This Now
Today: BlueLane’s VirtualShield

BlueLane’s VirtualShield:

Purpose-built virtual appliance

- No hardware assist required

- Zero packet copies through appliance

- Tight integration with the hypervisor

High-performance core platform

- High throughput, low latency

- Full session context & protocol decode

- Integrated with Virtual Center

Dynamically loadable content

- Breadth of coverage options

- On-demand assignment & execution

Security function consolidation

- Vulnerability detection/correction

- App & server-specific policies

- User, usage-based access control

[Diagram: “A Virtual Vulnerability Shield”. Several guest stacks (App, App, OS) sit above the VirtualShield appliance, whose components are a Dynamic Protocol Handler, Inline Patches, Inline Policies, a Session & Asset Manager, an Inline Correction Engine and a Transparent TCP/IP Transformer on the Core Platform; below them are the Hypervisor and Hardware layers.]
Virtualized IDP Interacting with Security Fabric

• Same as previous model but adds interaction with external security devices

• Better performance

• Ability to tie into non-virtualized security fabric

• Ability to apply same policies across physical/virtual

You Can Do This Now
Today: Reflex VSA

■ Reflex VSA

- Access firewall for permission enforcement for intra-VM and external network communication

- Intrusion Prevention with inline blocking and filtering for virtualized networks

- Anomaly, signature, and rate-based threat detection capability

- Network Discovery to discover and map all virtual machines and applications

- Centralized configuration and management console, comprehensive reporting tools, and real-time event aggregation and correlation

- Works in conjunction with physical security switches

[Diagram: Reflex VSA appliance alongside guest VMs above the hypervisor and Physical Hardware]
...adding Security in the Hypervisor

• Same as previous model but adds/relies upon additional security capabilities in the hypervisor

• Tighter integration between third party security functions, HV and management toolsets

[Diagram: External Firewall, IPS, NAC and Switch interacting with the hypervisor’s security capabilities]

Coming Soon...
...With Third Party Virtual Switches

• Same as previous model but now allows for choice of vSwitches

• Allows integration/replication of external software, fabric capabilities and policy

• Enhanced Security

• Enhanced Flexibility

Bueller?...
...With TPM and Exposure of HV APIs

• Same as previous model but now exposes native HV functionality via APIs

• Integrates TPM for trust model, assurance & extension of functionality

• Allows the HV to become thinner

• Defines the Security Subsystem

Santa? Easter Bunny?
I’m OK, You’re OK - Things We Can Do Today

- Follow your virtualization environment provider’s and industry guidelines for security.

- Apply at least the same strategies to your VMs that you use for your non-VM environments

- Segment your network; isolate by function, criticality and security

- Treat each VM Host as a perimeterized DMZ

- Monitor and extract really good telemetry and instrumentation

- Baseline your network NOW before something bad happens

- Explore New Technologies such as Blue Lane, Reflex

- Virtualize Security Service Layers across network infrastructure

- Enforce rigorous control over admins with auditing and device management (physical and logical)

- Push our vendors to develop solutions for virtualized environments
The Quest For the Virtualization Security Holy Grail

1. We need affinity between the VM and protection schemes; security policy moves with the VM

2. Centralized VM registration providing physical Hardware/VM Registration Services that controls VM spin-up (TPM)

3. Comprehensive discovery, profiling, & dynamic protection of all VMs

4. Integrated Network Admission Control & Network Access Control for VMs at the Virtual Switch layer

5. Implement a trust model in hardware & software

6. Behavioral Anomaly Detection (network & content)

7. Rootkit Detection for both hardware and software layers

8. Correlation of telemetry between VM Management and security planes

9. Separate and secure control/data paths

10. Tie in network security functions, host controls and VM/Hypervisor provisioning & defenses into a consolidated single pane of glass for virtualized management (think Cisco’s vFrame)
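Item 1 of this list (policy that moves with the VM) and the “segment your network” and “baseline your network” advice on the previous slide come together in the following added Python example, which is mine and not the author’s or any vendor’s. A segmentation allow-list is keyed on the VM’s identity and zone, so the decision survives a VMotion, and is contrasted with a rule bound to a host/vSwitch port that silently stops applying after the move; a VM with no registered identity falls into an “unknown” zone and is denied, and observed flows are compared against a baseline to flag drift. All UUIDs, zones, hosts, ports and flows are constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    src: str     # VM UUID, or "internet"
    dst: str
    dport: int


# Constructed VM identities and their security zones (hypothetical UUIDs).
ZONE_OF = {
    "uuid-web": "web",
    "uuid-app": "app",
    "uuid-db": "db",
    "uuid-mgmt": "mgmt",
}

# Identity-bound allow-list keyed on (src_zone, dst_zone, dst_port);
# anything not listed is denied, including flows involving VMs in no known zone.
ZONE_POLICY = {
    ("internet", "web", 443),
    ("web", "app", 8080),
    ("app", "db", 3306),
    ("mgmt", "web", 22),
    ("mgmt", "app", 22),
    ("mgmt", "db", 22),
}

# Current placement, VM -> (host, vSwitch port); VMotion rewrites this.
PLACEMENT = {
    "uuid-web": ("esx-a", "vsw0/port1"),
    "uuid-app": ("esx-a", "vsw0/port2"),
    "uuid-db": ("esx-a", "vsw0/port3"),
    "uuid-mgmt": ("esx-b", "vsw0/port1"),
}

# A static rule attached to a host/port rather than to the VM: the kind of
# policy the slides say breaks when the VM moves.
PORT_BOUND_RULES = {
    ("esx-a", "vsw0/port3"): {3306, 22},   # inbound ports allowed at that port
}


def zone(identity):
    if identity == "internet":
        return "internet"
    return ZONE_OF.get(identity, "unknown")   # unregistered/rogue VM -> no zone


def identity_decision(flow):
    """Decision that follows the VM wherever it runs."""
    key = (zone(flow.src), zone(flow.dst), flow.dport)
    return "allow" if key in ZONE_POLICY else "deny"


def port_bound_decision(flow):
    """Decision from the rule attached to the destination's current port."""
    allowed = PORT_BOUND_RULES.get(PLACEMENT.get(flow.dst))
    if allowed is None:
        return "no-rule"     # nothing is enforced at the port the VM landed on
    return "allow" if flow.dport in allowed else "deny"


def migrate(vm, new_host, new_port):
    """Simulate VMotion: only placement changes; identity and zone do not."""
    PLACEMENT[vm] = (new_host, new_port)


def check_flows(observed, baseline):
    """Flag policy violations, and allowed flows absent from the baseline (drift)."""
    findings = []
    for flow in observed:
        if identity_decision(flow) == "deny":
            findings.append(("violation", flow))
        elif flow not in baseline:
            findings.append(("drift", flow))
    return findings


if __name__ == "__main__":
    app_to_db = Flow("uuid-app", "uuid-db", 3306)
    print("before VMotion:", identity_decision(app_to_db), port_bound_decision(app_to_db))
    migrate("uuid-db", "esx-b", "vsw0/port4")
    print("after VMotion: ", identity_decision(app_to_db), port_bound_decision(app_to_db))
    baseline = {Flow("internet", "uuid-web", 443), Flow("uuid-web", "uuid-app", 8080), app_to_db}
    observed = baseline | {Flow("uuid-web", "uuid-db", 3306), Flow("uuid-mgmt", "uuid-db", 22)}
    for kind, flow in check_flows(observed, baseline):
        print(f"{kind}: {flow.src} -> {flow.dst}:{flow.dport}")
```

The design point is the lookup key: a policy keyed on (host, port) answers “what is plugged in here?”, which VMotion changes under it, while a policy keyed on the VM’s identity answers “who is talking to whom?”, which it does not. The baseline comparison is deliberately separate from the allow-list, because an allowed-but-new flow (here, management SSH to the database VM) is exactly what a baseline taken “NOW” lets you notice later.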
Summary Advice for InfoSec Types

■ Virtualization is a useful thing; your CIO wants it. You should, too.

■ If your security sucks now, you’ll be comforted by the lack of change when you deploy virtualization!

■ Use the opportunity to bring your developers, the network, security teams and the auditors closer...even if blunt-force trauma ensues

Don’t hate the player, hate the game! Virtualization is unavoidable, don’t try...you will be assimilated

There’s no silver bullet, but a lot of silver buckshot...use it all
Questions/Comments?

Christofer Hoff
Chief Architect, Security Innovation - Unisys
Christofer.Hoff@Unisys.com
+1.978.631.0302

Blog: http://rationalsecurity.typepad.com